VOLUME 39

   ISSUE 39

30 October  2014

Whenever you want to plug your phone to an unknown device to charge it, Have you ever thought of the possibility of your data being transferred to a third party? You might come across different situations where you will have to use charging pots such as in air ports and public charging stations. So every time you use a public charging pot, you are at a risk.
Have you ever heard the word �USB Condom�? Security experts have created this device �USB Condoms� which allows you to charge your smart phone or tablet without risking accidental syncing of private data or contracting a computer virus.
Fake charging pots have been set up to steal your sensitive private data. When you plug your mobile phone to an unknown computer to get it charged, there will be a program running behind to get a backup of all your sensitive and personal data.
USB cables are actually composed of several entwined cables, wrapped in a single protective covering. Some of the cables allow data transfer, while two provide five volts of electricity. To charge a device you only need the power cables, not the data cables � which can actually put you at risk of unnecessary data transfer or infection by malware.
 

USB Condom is a small chip with a male and a female port. You can plug your USB to the female port of the USB Condom and then male port of your USB condom to the PC or to the unknown device. USB Condom simply connects only the cables that transfer power but severing any kind of a data connection.
In the wrong hands, the data from your phone is more valuable than the phone itself, so there is plenty of motivation for the bad guys to pursue juice-jacking. May the gods of USB have mercy on your data if you plug into a public USB port within 50 miles of the annual DefCon security conference in Las Vegas. This is a place where using public WiFi or ATMs is extremely risky. If there is anywhere juice-jacking is likely to occur, it�s there.
 

If the makers of the USB condom have any sense, they�ll set up shop at next year�s DefCon and make a boatload of cash selling their smartphone prophylactics. It will come in both mini and micro USB flavors. There is no price listed on the USB condom�s page yet, but can you really put a price on that kind of peace of mind?

 Saranga Anjana Wijeratna

 Saranga is an undergraduate of Informatics Institute of Technology who is currently following BEng (Hons) Software Engineering. Currently he is working as Intern - Information Security Engineer at Sri Lanka CERT|CC
 

-

''....The Obama administration's top cybersecurity official wants to get rid of passwords.

"Frankly, I would love to kill the password dead as a primary security method, because it's terrible," said Michael Daniel, the White House cybersecurity coordinator, during a discussion Thursday hosted by the Center for National Policy and The Christian Science Monitor......'

'..With millions of new iOS and Android devices pouring into the enterprise every quarter, it's important to know just how much risk these devices bring � and if one mobile operating system has an edge over another when it comes to securing enterprise applications and data....'

DHS Anti-Terrorism Program Could Provide Cyberattack Liability Protection

'....A little-known Department of Homeland Security program for providing liability protection to US firms in the wake of terrorist or other attacks could also provide shelter for firms facing legal action in the wake of a cyberattack.

Brian Finch, a partner with the law firm Pillsbury Winthrop Shaw Pittman LLP and a cybersecurity legal expert, says the DHS's so-called SAFETY Act, which protects certified providers of anti-terrorism products and services, also can apply to providers of cyber security products and services -- and even to the cybersecurity policies of major corporations in the event of an attack.....'

'...As head of a Michigan-based cybersecurity firm, Larry Ponemon has studied data breaches including the hacking of Target credit cards, and Chinese and other international cyber espionage. But his favorite incident, he says, was small, avoidable and probably victimless.

It involved a doctor and a tablet (tablet as in iPad, not medication). The physician�s health-care network had just upgraded its data storage system, and he was given an iPad that he could carry from the hospital to his home in which he collected patient information that would go directly to a cloud-based bank of medical records....'

Member states of the European Union might soon be creating new laws that will raise minimum prison sentences for convicted cyber attackers and botnet herders. Last week, the European Parliament committee on Civil Liberties, Justice and Home Affairs has approved a draft for a directive whose objective is to "approximate rules on criminal law in the Member States in the area of attacks against information systems, and improve cooperation between judicial and other competent authorities. The proposal is scheduled to be voted on by the European Parliament in July, and if the draft gets approved, the directive will become a concrete proposal on the basis of which member states will be urged to model their laws regarding attacks against information systems.

'...Cisco has warned customers to lock down WebEx after a security researcher and journalist found many big-name companies left some online meetings open for anyone to join....'